Thursday, December 11, 2008

How long does it take for an Exchange 2007 Transport rule to re-check a group membership?

Exchange 2007 Transport rules are a GREAT feature to control mail flow for business and security reasons. One of my favorite uses is to base a rule on group membership. Unfortunately, the first time I tested this, I was making a rule to block Internet Email from members of the "No Internet Email" group. I created the group, added myself, and created the rule.


It worked flawlessly, and I then removed myself from the group. Then I tested again and found I still got a bounce error from the rule firing.


I found out (quickly) that restarting the transport service fixed this, but I never did find the reason why this was occurring.


Then I found this article that explains it all:

http://technet.microsoft.com/en-us/library/bb124703.aspx

"Each Hub Transport server maintains a recipient cache that is used to look up recipient and distribution list information. The recipient cache reduces the number of requests that each Hub Transport server must make to an Active Directory domain controller. The recipient cache updates every four hours. You can't modify the recipient cache update interval. Therefore, changes to transport rule recipients, such as the addition or removal of distribution list members, may not be applied to transport rules until the recipient cache is updated. To force an immediate update of the recipient cache, you must stop and start the Microsoft Exchange Transport service. You must do this for each Hub Transport server where you want to forcibly update the recipient cache."


So in short, testing can be unpredictable: the Hub Transport server caches DL membership and only refreshes that cache every 4 hours, so a transport rule keyed on group membership keeps matching (or not matching) on stale membership until the cache refreshes or the transport service is restarted.
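The fix the TechNet article describes, done for every Hub Transport server in one go, as an added example that is not part of the original post. It assumes it is run from the Exchange Management Shell by an account allowed to stop and start services on those servers; the `MSExchangeTransport` service name is the one behind the "Microsoft Exchange Transport" display name, and `ServerRole` is the property Get-ExchangeServer exposes for the installed roles.

```powershell
# Added example, not from the original post. Run from the Exchange Management Shell
# with rights to control services on each Hub Transport server.

$serviceName = "MSExchangeTransport"          # "Microsoft Exchange Transport"
$timeout     = [TimeSpan]::FromSeconds(120)   # how long to wait for each state change

# Every server holding the Hub Transport role keeps its own recipient cache,
# so the restart must be done on each one, not only on the server you are on.
$hubServers = Get-ExchangeServer | Where-Object { $_.ServerRole -match "HubTransport" }

foreach ($server in $hubServers) {
    # ServiceController lets us control the service on a remote machine without
    # needing the -ComputerName parameters that the Exchange 2007 shell lacks.
    $svc = New-Object System.ServiceProcess.ServiceController($serviceName, $server.Name)
    Write-Host ("{0}: {1} is {2}" -f $server.Name, $serviceName, $svc.Status)

    # Stop and start rather than Restart-Service, which only works locally.
    # WaitForStatus throws a TimeoutException if the service does not comply in time.
    if ($svc.Status -ne [System.ServiceProcess.ServiceControllerStatus]::Stopped) {
        $svc.Stop()
        $svc.WaitForStatus([System.ServiceProcess.ServiceControllerStatus]::Stopped, $timeout)
    }
    $svc.Start()
    $svc.WaitForStatus([System.ServiceProcess.ServiceControllerStatus]::Running, $timeout)

    $svc.Refresh()   # re-read the status before reporting it
    Write-Host ("{0}: {1} is now {2}" -f $server.Name, $serviceName, $svc.Status)
}
```

While a Hub Transport server's transport service is stopped it accepts and delivers no mail, so run this at a quiet time, and re-test the rule only after every listed server reports Running.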

